CVE-2025-43829

Stored cross-site scripting XSS vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote attackers to inject arbitrary web script or...

DEBIAN-CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

SUSE CVE-2014-9815

ImageMagick allows remote attackers to cause a denial of service application crash via a crafted wpg file...

SUSE CVE-2022-26061

A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2021-29367

A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file...

ALPINE-CVE-2021-20205

Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image...

Accusoft ImageGear PNG header-parser buffer overflow vulnerability

Accusoft ImageGear is a software development toolkit for image processing from Accusoft Corporation. A buffer overflow vulnerability exists in the Accusoft ImageGear PNG header-parser, which can be exploited by a remote attacker to submit a request for a special PNG file and trick the user into...